When pushing out the new update to the FglAM (Foglight Agent Manager) from the FMS (Foglight Management Server), it was able to install the new java JRE. But the FglAM cannot connect to the FMS because the CA cert is not in the new java cacerts keystore.
Error javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target is present in the FglAM log.
Is there a way to preserve this or is it necessary to install the CA cert into each existing FglAM?
Using the [FglAM_HOME]/bin/fglam --add-certificate alias=/path/to/certificate_file command to import a certificate, allows the CA certificates to persist even after the FglAM upgrades, because FglAM stores the imported certificates in its keystore instead of the JRE built-in keystore.
Using the keytoolcommand to install these certificates causes to require a reinstall of the certificate after an upgrade.
Best practice is to install a FglAM CA certificate with the fglam --add-certificate method. For details refer to the Configuring the Agent Manager to use SSL certificates section of the Foglight Agent Manager Guide.
